diff --git a/actions/profilesettings.php b/actions/profilesettings.php
index c14a3f640d..95f625de9b 100644
--- a/actions/profilesettings.php
+++ b/actions/profilesettings.php
@@ -140,7 +140,7 @@ class ProfilesettingsAction extends SettingsAction {
 
 			$confirm = new Confirm_address();
 			
-			$confirm->code = common_good_rand(16);
+			$confirm->code = common_confirmation_code(128);
 			$confirm->user_id = $user->id;
 			$confirm->address = $email;
 			$confirm->address_type = 'email';
diff --git a/actions/register.php b/actions/register.php
index 862ca2a784..31c8fea70f 100644
--- a/actions/register.php
+++ b/actions/register.php
@@ -121,7 +121,7 @@ class RegisterAction extends Action {
 		if ($email) {
 			
 			$confirm = new Confirm_address();
-			$confirm->code = common_good_rand(16);
+			$confirm->code = common_confirmation_code(128);
 			$confirm->user_id = $user->id;
 			$confirm->address = $email;
 			$confirm->address_type = 'email';
diff --git a/lib/util.php b/lib/util.php
index 49349a72f0..18043e8670 100644
--- a/lib/util.php
+++ b/lib/util.php
@@ -927,3 +927,18 @@ function common_notice_uri(&$notice) {
 	return common_local_url('shownotice', 
 		array('notice' => $notice->id));
 }
+
+# 36 alphanums - lookalikes (0, O, 1, I) = 32 chars = 5 bits
+
+define('CODECHARS', '23456789ABCDEFGHJKLMNPQRSTUVWXYZ');
+
+function common_confirmation_code($bits) {
+	$chars = ceil($bits/5);
+	$code = '';
+	for ($i = 0; $i < $chars; $i++) {
+		# XXX: convert to string and back
+		$num = hexdec(common_good_rand(1));
+		$code .= CODECHARS[$num%32];
+	}
+	return $code;
+}